Introduction In the last days of November, some Middle East countries have been targeted by a new wave of attacks related to the Iranian APT group known as “MuddyWater“: their first campaign was observed back in 2017 and more recently Unit42…

Introduction In the last weeks, a new variant of the infamous Ursnif malware was discovered hitting Italian users through a malspam campaign. In fact, Yoroi-Cybaze ZLAB isolated several malicious emails having the following content: Subject: “VS Spedizione DHL AWB 94856978972…

Introduction Few days ago, the CERT-Yoroi bulletin N061118 disclosed a dangerous campaign attacking several Italian users. The attack wave contained some interesting techniques need to look into further, especially regarding the obfuscation used to hide the malicious dropping infrastructure. The…

Introduction In the past months CERT-Yoroi observed an emerging attack pattern targeting its constituency. These series of malicious email messages shared common techniques may be likely related to a single threat group starting its operation against the Italian cyber panorama.…

Introduction The researchers of the Yoroi-Cybaze ZLab, on 16 November, accessed to a new APT29’s dangerous malware used for the recent attacks against many important US entities, such as military agencies, law enforcement, defense contractors, media companies and pharmaceutical companies. …

Introduction A new variant of the infamous APT28 Lojax (aka Double-Agent) has been discovered by the Yoroi-Cybaze ZLab researchers. It is the latest version of the well-known rootkit Double-Agent, previously analyzed by ESET researchers. The behavior of the Lojax sample…

This site uses cookies necessary for its operation that are exclusively technical. In addition, there are third-party profiling cookies (Google Analytics) whose data will be used to improve the browsing experience and the use of information content and for traffic analysis. The data will not be transferred to third parties. If you want to change the cookie policy, we invite you to click here otherwise, by closing this banner, scrolling this page or by clicking any of its elements you consent to the use of cookies. For more detailed information you can click on the privacy policy